UUXO/dbbackup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 31 Wiki Activity

Add privilege diagnostic script for database privilege analysis

Browse Source 
- privilege_diagnostic.sh: Comprehensive script to analyze database privileges
- Checks database access privileges, roles, and globals.sql content
- Helps diagnose privilege preservation issues after restore
- Includes detailed reporting of privilege states and backup contents
This commit is contained in:
Renz
2025-11-11 08:25:00 +00:00
parent 1686269c23
commit ed5c355385
2 changed files with 315 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

216
privilege_report_testhost.txt Normal file
View File

@@ -0,0 +1,216 @@
==============================================
Database Privilege Diagnostic Report
Host: psqldb
Date: Tue Nov 11 08:09:36 AM UTC 2025
User: root
==============================================
1. DATABASE LIST WITH PRIVILEGES:
==================================
List of databases
Name | Owner | Encoding | Locale Provider | Collate | Ctype | ICU Locale | ICU Rules | Access privileges
-------------------------+----------+----------+-----------------+-------------+-------------+------------+-----------+-----------------------
backup_test_db | postgres | UTF8 | libc | en_US.UTF-8 | en_US.UTF-8 | | |
cli_test_db | postgres | UTF8 | libc | en_US.UTF-8 | en_US.UTF-8 | | |
cluster_restore_test | postgres | UTF8 | libc | en_US.UTF-8 | en_US.UTF-8 | | |
final_test_db | postgres | UTF8 | libc | en_US.UTF-8 | en_US.UTF-8 | | |
large_test_db | postgres | UTF8 | libc | en_US.UTF-8 | en_US.UTF-8 | | |
menu_test_db | postgres | UTF8 | libc | en_US.UTF-8 | en_US.UTF-8 | | |
ownership_test | postgres | UTF8 | libc | en_US.UTF-8 | en_US.UTF-8 | | |
perfect_test_db | postgres | UTF8 | libc | en_US.UTF-8 | en_US.UTF-8 | | |
postgres | postgres | UTF8 | libc | en_US.UTF-8 | en_US.UTF-8 | | |
restored_ownership_test | postgres | UTF8 | libc | en_US.UTF-8 | en_US.UTF-8 | | |
template0 | postgres | UTF8 | libc | en_US.UTF-8 | en_US.UTF-8 | | | =c/postgres +
| | | | | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | libc | en_US.UTF-8 | en_US.UTF-8 | | | =c/postgres +
| | | | | | | | postgres=CTc/postgres
test_restore_timing | postgres | UTF8 | libc | en_US.UTF-8 | en_US.UTF-8 | | |
test_sample_backup | postgres | UTF8 | libc | en_US.UTF-8 | en_US.UTF-8 | | |
test_single_backup | postgres | UTF8 | libc | en_US.UTF-8 | en_US.UTF-8 | | |
timing_test_db | postgres | UTF8 | libc | en_US.UTF-8 | en_US.UTF-8 | | |
ultimate_test_db | postgres | UTF8 | libc | en_US.UTF-8 | en_US.UTF-8 | | |
(17 rows)
2. DATABASE PRIVILEGES (Detailed):
==================================
database_name | access_privileges | owner
-------------------------+-------------------+----------
backup_test_db | | postgres
cli_test_db | | postgres
cluster_restore_test | | postgres
final_test_db | | postgres
large_test_db | | postgres
menu_test_db | | postgres
ownership_test | | postgres
perfect_test_db | | postgres
postgres | | postgres
restored_ownership_test | | postgres
test_restore_timing | | postgres
test_sample_backup | | postgres
test_single_backup | | postgres
timing_test_db | | postgres
ultimate_test_db | | postgres
(15 rows)
3. ROLE/USER LIST:
==================
List of roles
Role name | Attributes
-----------+------------------------------------------------------------
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS
testowner |
4. DATABASE-SPECIFIC GRANTS:
============================
--- Database: ultimate_test_db ---
schemaname | tablename | tableowner | tablespace
------------+-----------+------------+------------
public | test_data | postgres |
(1 row)
--- Database: backup_test_db ---
schemaname | tablename | tableowner | tablespace
------------+------------+------------+------------
public | users | postgres |
public | audit_log | postgres |
public | documents | postgres |
public | user_files | postgres |
public | images | postgres |
(5 rows)
--- Database: cli_test_db ---
schemaname | tablename | tableowner | tablespace
------------+------------+------------+------------
public | test_table | postgres |
(1 row)
--- Database: cluster_restore_test ---
schemaname | tablename | tableowner | tablespace
------------+-----------+------------+------------
(0 rows)
--- Database: final_test_db ---
schemaname | tablename | tableowner | tablespace
------------+------------+------------+------------
public | test_table | postgres |
(1 row)
--- Database: large_test_db ---
schemaname | tablename | tableowner | tablespace
------------+------------------+------------+------------
public | large_test_table | postgres |
(1 row)
--- Database: menu_test_db ---
schemaname | tablename | tableowner | tablespace
------------+------------+------------+------------
public | test_table | postgres |
(1 row)
--- Database: ownership_test ---
schemaname | tablename | tableowner | tablespace
------------+-----------+------------+------------
public | test_data | testowner |
(1 row)
--- Database: perfect_test_db ---
schemaname | tablename | tableowner | tablespace
------------+-----------+------------+------------
public | test_data | postgres |
(1 row)
--- Database: restored_ownership_test ---
schemaname | tablename | tableowner | tablespace
------------+-----------+------------+------------
public | test_data | postgres |
(1 row)
--- Database: test_restore_timing ---
schemaname | tablename | tableowner | tablespace
------------+------------+------------+------------
public | test_table | postgres |
(1 row)
--- Database: test_sample_backup ---
schemaname | tablename | tableowner | tablespace
------------+--------------+------------+------------
public | sample_table | postgres |
(1 row)
--- Database: test_single_backup ---
schemaname | tablename | tableowner | tablespace
------------+------------+------------+------------
public | test_table | postgres |
(1 row)
--- Database: timing_test_db ---
schemaname | tablename | tableowner | tablespace
------------+-------------------+------------+------------
public | timing_test_table | postgres |
(1 row)
5. GLOBAL OBJECT PRIVILEGES:
============================
rolname | rolsuper | rolcreaterole | rolcreatedb | rolcanlogin
-----------+----------+---------------+-------------+-------------
postgres | t | t | t | t
testowner | f | f | f | t
(2 rows)
6. CHECK globals.sql CONTENT (if exists):
========================================
Latest cluster backup: /var/lib/pgsql/db_backups/cluster_20251110_134826.tar.gz
globals.sql content:
===================
--
-- PostgreSQL database cluster dump
--
\restrict sWNr7ksTDJbnJSKSJBd9MGA4t0POFSLcEqaGMSM1uwA3cEmyGaIpD0VJrmAKQjX
SET default_transaction_read_only = off;
SET client_encoding = 'UTF8';
SET standard_conforming_strings = on;
--
-- Roles
--
CREATE ROLE postgres;
ALTER ROLE postgres WITH SUPERUSER INHERIT CREATEROLE CREATEDB LOGIN REPLICATION BYPASSRLS PASSWORD 'SCRAM-SHA-256$4096:8CqV4BNYEk6/Au1ub4otRQ==$PhSfnKEs49UZ6g4CgnFbLlhvbcq5nSkS4RMP5MTqf7E=:xg+3j/oZIF1mbu6SydJbqLem9Bd+ONNK2JeftY7hbL4=';
CREATE ROLE testowner;
ALTER ROLE testowner WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS PASSWORD 'SCRAM-SHA-256$4096:3TGJ9Dl+y75j46aWS8NtQw==$2C7ebcOIj7vNoIFM54gtUZnjw/UR8h6BorF1g/MLKTQ=:YIMFknJmXGHxvR+rAN2eXtL7LS4ng+iDnqmFkffSsss=';
--
-- User Configurations
--
\unrestrict sWNr7ksTDJbnJSKSJBd9MGA4t0POFSLcEqaGMSM1uwA3cEmyGaIpD0VJrmAKQjX
--
-- PostgreSQL database cluster dump complete
--
... (showing first 50 lines, check full file if needed)
Database creation commands in globals.sql:
No database grants found
==============================================
Diagnostic complete. Save this output and
compare between hosts to identify differences.
==============================================